A school district in Manor, Texas, was caught in a phishing email scam that cost $2.3 million in losses. 

Investigators with the Manor Police Department and the FBI are following "strong leads" to figure out how a massive amount of money was sucked out of the Manor Independent School District, according to a news release.

The Manor ISD school district services more than 8,000 students from elementary to high school.

"This investigation is still ongoing", the release says, noting that the phishing email was sent to multiple people at the school district and it was a single person that responded. The money was sent through three separate transactions, and the person who paid didn’t realize the bank account information was changed and it was being sent to a fake bank.

Orion Cassetto, director, Product Marketing, Exabeam, told Security magazine: “According to the 2019 Verizon Data Breach Investigations Report, phishing is still the No. 1 cause of data breaches. It is essentially a form of social engineering. Hackers are looking for ways to trick you into clicking on something malicious in an email, whether it’s a link or an attachment. It sounds simple, but phishing is just the entry point. It can lead to malware infection, lateral movement, account takeover, identify theft and more. The more compelling and realistic the content, the more likely the recipient is to click on it. For organizations, it’s essential to deploy a defense in depth strategy, which could include: security awareness training, including how to spot phishing emails; implementing relevant security products like email security and threat intelligence solutions, which may help identify threat campaigns targeting your organization; and implementing behavioral analysis to help identify users who are behaving anomalously and may have fallen victim to the phishing campaign.”